chore: remove mac os from CI and refactor base64Lemmas (#1325)

Author: rishav-karanjit

.github/workflows/library_dafny_verification.yml

@@ -28,7 +28,11 @@ jobs:
             AwsCryptographicMaterialProviders,
             StandardLibrary,
           ]
-        os: [macos-latest-large]
+        os: [
+            ubuntu-22.04,
+            # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286
+            # macos-latest-large
+          ]
     runs-on: ${{ matrix.os }}
     defaults:
       run:

.github/workflows/library_go_tests.yml

@@ -36,7 +36,8 @@ jobs:
             # Windows source code is tested downstream (ex. ESDK-Python CI).
             # windows-latest,
             ubuntu-22.04,
-            macos-13,
+            # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286
+            # macos-13,
           ]
     runs-on: ${{ matrix.os }}
     defaults:

.github/workflows/library_interop_tests.yml

@@ -23,7 +23,8 @@ jobs:
             # https://taskei.amazon.dev/tasks/CrypTool-5283
             # windows-latest,
             ubuntu-22.04,
-            macos-13,
+            # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286
+            # macos-13,
           ]
         language: [java, net, python, rust, go]
         # https://taskei.amazon.dev/tasks/CrypTool-5284
@@ -209,7 +210,8 @@ jobs:
             # TODO just test on mac and ubuntu for now
             # windows-latest,
             ubuntu-22.04,
-            macos-13,
+            # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286
+            # macos-13,
           ]
         encrypting_language: [java, net, python, rust, go]
         decrypting_language: [java, net, python, rust, go]

.github/workflows/library_java_tests.yml

@@ -31,7 +31,8 @@ jobs:
             # TODO just test on mac for now
             # windows-latest,
             ubuntu-22.04,
-            macos-13,
+            # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286
+            # macos-13,
           ]
         java-versions: [8, 11, 16, 17]
     runs-on: ${{ matrix.os }}

.github/workflows/library_net_tests.yml

@@ -29,7 +29,12 @@ jobs:
             TestVectorsAwsCryptographicMaterialProviders,
           ]
         dotnet-version: ["6.0.x"]
-        os: [windows-latest, ubuntu-22.04, macos-13]
+        os: [
+            windows-latest,
+            ubuntu-22.04,
+            # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286
+            # macos-13,
+          ]
     runs-on: ${{ matrix.os }}
     defaults:
       run:

.github/workflows/library_python_tests.yml

@@ -36,7 +36,8 @@ jobs:
             # Windows source code is tested downstream (ex. ESDK-Python CI).
             # windows-latest,
             ubuntu-22.04,
-            macos-13,
+            # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286
+            # macos-13,
           ]
     runs-on: ${{ matrix.os }}
     defaults:

.github/workflows/library_rust_tests.yml

@@ -29,7 +29,11 @@ jobs:
             TestVectorsAwsCryptographicMaterialProviders,
           ]
         # removed windows-latest because somehow it can't build aws-lc in CI
-        os: [ubuntu-22.04, macos-13]
+        os: [
+            ubuntu-22.04,
+            # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286
+            # macos-13
+          ]
     runs-on: ${{ matrix.os }}
     permissions:
       id-token: write

StandardLibrary/src/Base64Lemmas.dfy

@@ -54,11 +54,10 @@ module Base64Lemmas {
     requires Is1Padding(s[(|s| - 4)..])
     ensures Encode(DecodeValid(s)) == s
   {
+    DecodeValidEncode1PaddingHelper(s);
     calc {
       Encode(DecodeValid(s));
     ==
-      assert |DecodeValid(s)| % 3 == 2;
-      assert 2 <= |DecodeValid(s)|;
       EncodeUnpadded(DecodeValid(s)[..(|DecodeValid(s)| - 2)]) + Encode1Padding(DecodeValid(s)[(|DecodeValid(s)| - 2)..]);
     == { DecodeValidUnpaddedPartialFrom1PaddedSeq(s); }
       assert IsUnpaddedBase64String(s[..(|s| - 4)]) by {
@@ -76,6 +75,16 @@ module Base64Lemmas {
     }
   }
 
+  lemma DecodeValidEncode1PaddingHelper(s: seq<char>)
+    requires IsBase64String(s)
+    requires |s| >= 4
+    requires Is1Padding(s[(|s| - 4)..])
+  {
+    assert |DecodeValid(s)| % 3 == 2;
+    assert 2 <= |DecodeValid(s)|;
+  }
+
+
   lemma DecodeValidUnpaddedPartialFrom2PaddedSeq(s: seq<char>)
     requires IsBase64String(s)
     requires |s| >= 4
@@ -96,11 +105,10 @@ module Base64Lemmas {
     requires Is2Padding(s[(|s| - 4)..])
     ensures Encode(DecodeValid(s)) == s
   {
+    DecodeValid2PaddingPropertiesHelper(s);
     calc {
       Encode(DecodeValid(s));
     ==
-      assert |DecodeUnpadded(s[..|s|-4])| % 3 == 0;
-      assert |DecodeValid(s)| % 3 == 1;
       EncodeUnpadded(DecodeValid(s)[..(|DecodeValid(s)| - 1)]) + Encode2Padding(DecodeValid(s)[(|DecodeValid(s)| - 1)..]);
     == { DecodeValidUnpaddedPartialFrom2PaddedSeq(s); }
       EncodeUnpadded(DecodeUnpadded(s[..(|s| - 4)])) + Encode2Padding(DecodeValid(s)[(|DecodeValid(s)| - 1)..]);
@@ -115,6 +123,15 @@ module Base64Lemmas {
     }
   }
 
+  lemma DecodeValid2PaddingPropertiesHelper(s: seq<char>)
+    requires IsBase64String(s)
+    requires |s| >= 4
+    requires Is2Padding(s[(|s| - 4)..])
+  {
+    assert |DecodeUnpadded(s[..|s|-4])| % 3 == 0;
+    assert |DecodeValid(s)| % 3 == 1;
+  }
+
   lemma DecodeValidEncode(s: seq<char>)
     requires IsBase64String(s)
     ensures Encode(DecodeValid(s)) == s